The invention relates to a method and apparatus for transmitting and receiving secure and non-secure data. The secure data is ciphered to produce ciphered secure data for transmission.
In communications systems requiring privacy of data for a user of the system, signals are encrypted prior to being transmitted and are received and de-encrypted by the user's equipment. For example, internet data such as streaming video or voice is encrypted to prevent an unauthorized user of the internet gaining access to the data. In a cellular wireless communications system, voice signals are encrypted using ciphers in order to provide users with privacy. Encryption techniques are well known and are defined in various wireless cellular system standards. Nevertheless, for the sake of a fuller understanding a brief explanation of ciphering will now be given.
The use of ciphering or encryption is well established in many types of communications systems. Ciphering is used to encrypt information for the purpose of providing better security or confidentiality of the information. Ciphering is also for preventing unauthorised access to the information by anyone other than an intended recipient.
Information is usually ciphered by means of a ciphering code prior to being transmitted as data in a signal. Associated with a ciphering code is a ciphering key. Ciphered information can only be obtained from the transmitted signal by use of a corresponding deciphering code and an associated deciphering key. In some systems the ciphering key is the same as the deciphering key. Ciphering is used in all manner of applications where security of information is desired, for example communication over the internet.
A ciphering algorithm reorders or changes data such that it cannot be read or interpreted by ordinary means but can only be read or interpreted by using the deciphering key. Only the transmitter and receiver know which ciphering key and deciphering key have been selected for the transmitter and receiver to use respectively. In one example the ciphered data is obtained by the bit-by-bit binary addition of the user data and a ciphering code or bit stream, generated by an algorithm using the ciphering key.
While ciphering algorithms offer a degree of security, it is nevertheless possible to break a cipher. This is usually done by training, or repeatedly adapting, an algorithm to make iterative or repeated attempts to determine the deciphering key, each time varying the code according to the result of the previous attempt so as to obtain a better result. This is done until the result converges on the correct deciphering key. While breaking ciphers is computationally intensive, the availability of cheap computing power in recent years has meant that the ability to breaking such ciphers is now within the reach of many people. This poses a significant security risk to individuals and organisations that require sending or receiving secure data.
The computational requirement for breaking a cipher is dependent, in part, upon the nature of the unciphered information as it exists prior to being ciphered. The computational requirement is particularly dependent upon the apparent randomness of the unciphered information. For example, if the information comprises a well-defined sequence of digital data which is ciphered and then sent repeatedly many times in the same signal, the computational requirement is much less than it would be if the sequence had been random or pseudo-random in nature. This is particularly true if the means for determining the cipher includes prior knowledge of the repeated sequence.
In cellular wireless systems when ciphering is used to encrypt data for a user, both system control data and voice data for the user are ciphered. Messages containing system control data are predefined within the system and thus are of a known form and occur at known times. There is no confidential, private or secure information contained in the control data. The information in the control data is only of use to the system itself and not to the user. But the information in the voice signals is personal and therefore users can reasonably expect a degree of privacy in their telephone conversations.
The predictable nature of the control data provides unauthorized users or hackers with a known pattern for data within the ciphered data, and the known pattern gives the hackers a reference from which they can determine the cipher used and hence work back to decipher other parts of the data including private data. Hackers can thereby determine the information they need in order to eavesdrop or hack into a private conversation for example. Information to be ciphered and sent in a signal should ideally contain minimal repeated information and, more specifically, the signal should contain minimal repeated information that is known or predictable. This is because the repeated information may be used by an intruder to train an algorithm for unauthorized determination of the ciphering key. The number of iterations required to determine the key is much reduced if the transmitted information contains repeated information. System messages are transmitted for many users of the system, and have a fixed known sequence of bits.
It can be seen from the above that prior art systems which send ciphered data containing predictable or known information are much more vulnerable to access from unauthorized third parties.